Exploring the Impact of Task Preemption on Dependability ... - CiteSeerX

Paper Preprint – To Appear In: Proceedings of the 20th Euromicro RTS Conf. 2008

Exploring the Impact of Task Preemption on Dependability in Time-Triggered Embedded Systems: a Pilot Study

Michael Short, Michael J. Pont and Jianzhong Fang
Embedded Systems Laboratory, University of Leicester, Leicester, UK.
{mjs61, mjp9}@leicester.ac.uk, [email protected]

Abstract

In this paper, we explore the impact of task preemption on the dependability of a single-processor embedded control system. Our particular focus in this exploratory study is on static-priority, time-triggered scheduler architectures. The study is empirical in nature and we employ a hardware-in-the-loop (HIL) testbed, representing a cruise control system for a passenger vehicle, in conjunction with fault-injection to perform the dependability comparisons. The results we have obtained suggest that the presence of preemption may have a negative influence on dependability; however, further work is needed in this area before more general conclusions may be drawn.

1. Introduction

Modern control systems are almost invariably implemented using some form of digital computer system [1]. The dominance of digital systems in this field is a consequence of the low cost, increased flexibility, greater ease of use, and increased performance of digital control algorithms when compared with equivalent analogue implementations [2] [3]. As such systems are increasingly employed in applications where their correct functioning is vital, particular attention must be focused on the dependability of such systems. Dependability in this sense covers many attributes, for example reliability, security, timeliness and schedulability [4] [5]. In this paper, we are specifically concerned with the operational dependability (i.e. the level of software fault tolerance and reliability) of control systems implemented using a single resource-constrained embedded processor, as employed in the field. As such, we assume that appropriate analysis has been undertaken during system verification to ensure the functional correctness and schedulability of the design (e.g. [5] [6] [7]).

The particular focus is on systems in which time-triggered (TT) schedulers are employed to control the release of periodic tasks, which are in turn employed to implement the control algorithm. Often, to keep the software environment as simple as possible, instead of employing a full “real-time operating system” to dispatch the tasks, some form of scheduler is employed. In this paper, we are concerned with schedulers whose task priorities are assigned during the system design phase and remain static during operation; these ‘fixed priority’ schedulers are generally recognized as being the most suitable for designs when dependability is a key design goal [5] [8].

The simplest form of practical TT scheduler is a “cyclic executive” (e.g. [9] [10]): this has a “time-triggered co-operative” (or “time-triggered non-preemptive”) architecture. Such time-triggered co-operative (TTC) architectures have been found to be a good match for a wide range of low-cost, resource-constrained applications. TTC architectures also demonstrate very low levels of task jitter [10], and – provided that an appropriate implementation is used – can maintain their low-jitter characteristics even when techniques such as dynamic voltage scaling (DVS) are employed to reduce system power consumption [11].

Although it has many useful characteristics, a simple TTC solution is not always appropriate. As Allworth has noted: “[The] main drawback with this [cooperative] approach is that while the current process is running, the system is not responsive to changes in the environment. Therefore, system processes must be extremely brief if the real-time response [of the] system is not to be impaired” [12]. We can formally express this concern by noting that if a system is being designed which must execute one or more tasks of execution time e and also respond within an interval t to external events then, in situations where t < e, a pure co-operative scheduler will not generally be suitable.

Time-triggered preemptive (TTP) scheduling has been proposed as an appropriate alternative for use in such circumstances [5] [6] [13]. Of the various options available, the rate monotonic algorithm has been shown by Liu and Layland to be optimal: that is, if it is possible to schedule a task set using a fixed-priority algorithm and meet all of its timing constraints, then a rate-monotonic algorithm can achieve this [6]. More specifically, it can be shown that every task can meet its deadline if the total CPU utilization is
